Question

I'm trying to secure the fields below by specifying the width of the variables so that buffer overflow will not occur. I would prefer not to use fgets() as I am trying to write something within the specifications I have been given (using scanf).

The code is below:

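    #include <stdio.h>

    int main(void)
    {
        /* Each array holds the field width plus one byte for the terminating '\0'. */
        char firstName[11], surName[21], job[16];

        printf("Enter first name: ");
        scanf("%10s", firstName);
        printf("Enter surname: ");
        scanf("%20s", surName);
        printf("Enter job: ");
        scanf("%15s", job);
        return 0;
    }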

So for input like so:

    Enter first Name: UmbertoOverflow
    /*surName gets skipped over*/
    Enter job: janitor

I get:

    First name: UmbertoOve
    Surname: rflow
    Job: janitor

It doesn't give me a chance to enter surname, it just fills with the remainder of the first name. This seems to be buffer overflow to me, so is there a way of using scanf without getting this result?


Solution

%10s for the first name reads only the first 10 characters - UmbertoOve - from the input string and puts them into firstName. The remaining characters - rflow - are still in the program's input buffer, and the scanf() for surname takes those characters. The '\n' - the Return key - pressed while entering the first name works as the terminator and puts rflow into surname.

It's not a buffer overflow, but expected behavior.

Other suggestions

It's not a buffer overflow. It's just that scanf takes a space or newline as the delimiter. Hence, the first scanf scans for 10 chars and the next continues to scan till it finds a space or '\n'.

Use

    scanf("%10s%*s", firstName);
    scanf("%20s%*s", surName);
    scanf("%15s%*s", job);
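
An added example (not code from the question or from either answer): a scanf-family helper that keeps the width limit and then discards whatever is left on the line with `%*[^\n]`, so leftovers never reach the next field and short input does not consume the following line, which `%*s` would do because it skips leading whitespace before matching. The names `read_field` and `run_demo`, the use of `fscanf` on a temporary file in place of `scanf` on stdin, and the surname `Rossi` are assumptions made so the example runs on constructed input.

```c
#include <stdio.h>
#include <string.h>

char firstName[11], surName[21], job[16];   /* same sizes as the question */

/* Read one token of at most cap-1 chars, then discard the rest of that line.
 * Returns 1 if the line held just the token, 0 if excess input was discarded,
 * -1 on EOF or error. (Hypothetical helper, not from the page.) */
int read_field(FILE *in, char *dst, size_t cap)
{
    char fmt[16];
    int skipped = 0, rc;

    if (cap < 2)
        return -1;
    snprintf(fmt, sizeof fmt, "%%%zus", cap - 1);   /* cap 11 -> "%10s" */
    if (fscanf(in, fmt, dst) != 1)
        return -1;
    rc = fscanf(in, "%*[^\n]%n", &skipped);  /* drop leftovers; %n counts them */
    if (rc != EOF)
        rc = fscanf(in, "%*c");              /* consume the newline itself */
    (void)rc;
    return skipped > 0 ? 0 : 1;
}

/* Runs the three reads over constructed input held in a temp file; returns
 * how many fields had excess input discarded, or -1 on failure. */
int run_demo(const char *input)
{
    FILE *in = tmpfile();
    int excess = 0;

    if (in == NULL)
        return -1;
    fputs(input, in);
    rewind(in);
    excess += read_field(in, firstName, sizeof firstName) == 0;
    excess += read_field(in, surName, sizeof surName) == 0;
    excess += read_field(in, job, sizeof job) == 0;
    fclose(in);
    return excess;
}

int main(void)
{
    /* Constructed input: the question's over-long first name, then two short lines. */
    int excess = run_demo("UmbertoOverflow\nRossi\njanitor\n");
    printf("First name: %s\nSurname: %s\nJob: %s\n", firstName, surName, job);
    printf("fields with discarded excess: %d\n", excess);
    return 0;
}
```

The 0 return value lets the caller re-prompt instead of silently storing a truncated name.
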

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow